Hi,

We are going to use an OpenBSD system in a PCI-DSS compliant environment. Is there any way we can prove to our PCI-DSS assessor that the OpenBSD image we use for our installation can be checked so that it is the correct one (is not modified in a malicious way by a third party)? An HTTPS link to some kind of ISO checksum or something similar (but using strong cryptography) I think would do it, but I could not find any (except a line in the FAQ stating "If the men in black suits are out to get you, they're going to get you." which is not the case :) )

Thanks,
Valentin Zagura